Re:Latin quibbles on Spam is Dead · Score: 2, Funny
>... At least spell it as "cvm", this is for your own good.
If you do that, the non-*nix crowd (yeah, yeah, deny it all you like) might assume it's a Unix command rather than a Latin word.
Micropayments for eMail on Spam is Dead · Score: 2, Interesting
This couldn't be handled at the client's end reliably because that would defeat the whole purpose (not to mention being a target of all those SpyWare vendors) -- in order to prevent bandwidth waste, it would have to be handled by the server.
For this to work, servers would have to indicate the going rate for messages (either by size, number of recipients, number of messages, etc.), and then the sending system would have to either accept it and actually transfer funds before sending the message, or just abort the transaction. The sender could choose how much they want to pay for this "ePostage" before sending it, and then the server could handle it automatically.
The main problems I foresee with such a system are eMail lists (as someone else already pointed out), and automatically generated eMails from other services (free or otherwise) that the user has signed up for. Why should Google AdSense or PayPal or eBay have to pay to notify me that my contact information is invalid, for example (I'm sure a skilled con-artist can see obvious ways to exploit something like this)? And do the users also deserve a share of this income, or just the ISP?
In addition to that, a few technical matters will need to be resolved before anyone can start thinking about even implementing such a system:
0. A new protocol to replace SMTP will be needed (it's not appropriate in my view to add this to SMTP, which is based on a trusted model rather than a costed/financial model). The protocol could be exactly the same as SMTP, but with one additional step inserted immediately after the "HELO/EHLO" stage in order to reduce development overhead for everyone.
1. Automated micropayment transfer protocols will need to be available to these new mail servers, and high-volume servers will need to be set up by the various providers of these financial services. Features will need to be able to handle currency exchange in a simple manner. Dispute procedures will need to be very, VERY well thought out.
2. The potential for criminals to launder large amounts of money by setting high rates or just claiming high volume when it doesn't exist (and both sides indicating this to be correct) in order to facilitate transfers between one another would be of great concern to government and military organizations aiming to impede the funding of so-claimed enemies (e.g., mafia, terrorist groups, trade blocked nations, etc.).
3. Micropayment service providers will likely compete on such things as percentages (e.g., they keep 0.05% of each micropayment to help cover their costs), various service charges (including fees for dispute resolution), usage fees, monthly service fees, etc. Banks are well-known for these types of tactics, and these micropayment providers will likely earn the same notoriety.
In the end it will all just end up being very expensive and time-consuming, and I suspect that people will simply abandon it in favour of reverting to SMTP again in order to save money.
It's an interesting pipe dream, but I don't see how it will catch on in our current global economic climate given the current costs of doing business.
Re:Gotten More, but Seen Less on Spam is Dead · Score: 1
>... It may be that there is a sufficient number of unguarded mailboxes
> so those that have protection aren't worth the effort.
I doubt it. Most spam filters work on eMail messages after they've been successfully received by the target system, and as far as the spammers are concerned this equates to a successful delivery (note that irresponsible filters will generate a bounce/warning to the trivially-forged sender's eMail address).
The only time the spammers even know about this is if they even care. Usually they don't, but that never stops them from trying again. For those spammers that are interested in knowing how many messages in their spamruns failed, they'll see the SMTP rejection codes that normally occur during the SMTP Envelope stage, but this functionality depends on the spamware that they're using.
GMail spam increase in 2006 on Spam is Dead · Score: 4, Funny
Some of those spammers must've just come back from their holidays at the garbage dump (I just can't bring myself to describe their usual hang-outs -- it would be a complete waste of SlashDot's resources).
Oh I wouldn't worry about that -- count on the spammers to make up for it in 2006. =(
More people should use SpamCop.Net on Spam is Dead · Score: 1
More people should report spam to SpamCop.Net. Even if busy people reported only one spam a week to SpamCop.Net, they would be making a tremendous contribution to this war against spam.
Over the years we've encouraged hundreds of individuals to report spam to SpamCop.Net, and many of them still do so today. Those with more free time (or a need for revenge because of a very strong feeling of hatred towards spammers) report all of it, and those who are busy report whatever they have time to report.
As more ISPs have been using BL.SpamCop.Net to automate the blocking of IPs known as sources of spam (because they obviously agree with SpamCop.Net's criteria), the more effective SpamCop.Net is.
Everyone should ask their ISP if they're using BL.SpamCop.Net to block spam. If the answer is negative, then insist that they look into it and follow up with them later to find out if they acted on it. It's free, easy for a server administrator to implement, and it eliminates the need to maintain your own blacklist.
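An added example, not part of the original comments: a sketch of the server-side DNSBL check the comments above describe, giving its answer during the SMTP envelope stage so that a listed sender sees a rejection code instead of the message being accepted and bounced later. The function names, the 451 reply on lookup failure, and the sample addresses are assumptions made for illustration; only the zone name comes from the comment.

```python
import ipaddress
import socket

DNSBL_ZONE = "bl.spamcop.net"  # the zone named in the comment above


def dnsbl_query_name(client_ip, zone=DNSBL_ZONE):
    """Build the DNS name to look up: reversed address labels + zone."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version == 4:
        # 192.0.2.10 -> 10.2.0.192
        labels = str(addr).split(".")[::-1]
    else:
        # IPv6 uses reversed hex nibbles (DNSBL convention, RFC 5782)
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """Return the A record for name, or None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_AGAIN:  # temporary resolver failure
            raise
        return None  # no such name: the address is not listed


def envelope_decision(client_ip, resolver=system_resolver):
    """SMTP reply to give before any message data is accepted.

    resolver is injectable so the logic can be exercised offline.
    """
    try:
        answer = resolver(dnsbl_query_name(client_ip))
    except OSError:
        # Assumed policy: defer rather than accept or reject on a lookup error.
        return "451 4.7.1 Blocklist lookup failed, try again later"
    if answer is None:
        return "250 OK"
    if ipaddress.ip_address(answer) not in ipaddress.ip_network("127.0.0.0/8"):
        # DNSBL answers live in 127.0.0.0/8. Anything else points at a
        # wildcarding or hijacked resolver, not at a real listing.
        return "250 OK"
    return "550 5.7.1 %s is listed in %s" % (client_ip, DNSBL_ZONE)


# Constructed zone data for an offline run (documentation addresses only).
SAMPLE_ZONE = {"10.2.0.192.bl.spamcop.net": "127.0.0.2"}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7"):
        print(ip, "->", envelope_decision(ip, SAMPLE_ZONE.get))
```

Because the 550 is returned inside the SMTP session, the connecting host learns of the refusal directly and no bounce is ever generated toward a forged sender address.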
Spam: The social problem on Spam is Dead · Score: 2, Insightful
The real crux of this problem is that spam is a social problem. Although many people treat it as a problem that can be solved by purely technical means, in the long run the problem will always be there because:
0. There will always be a criminal element determined to make "a quick buck" without regard for others as long as there are people willing to do business with this criminal element (in this case, the spammers).
1. Many people use the internet who aren't computer specialists, thus are easily fooled by eMails which are designed to imitate messages normally generated by a trusted internet site (usually in an attempt to gain access to confidential information).
2. The up-front costs for the spammers are very low (and quite high for their victims, society, etc.), and there are no serious penalties thus the risks associated with getting caught are minimal (if there are any at all).
3. Marketers stubbornly and vehemently hate (in general) the idea that everyone has a right to "consent." Confirmed opt-in is key because "opt-in" alone isn't enough due to forgery.
There are many ideas for solutions, but unfortunately one of the big challenges societies face today is international differences when it comes to law & order, moral, ethical, and other standards. The internet, by its design, completely ignores international borders, and spammers are enjoying free rein as a result.
So far a combination of DNSBLs (DNS-based Block Lists) and various filters seems to work well for many ISPs, but spammers continue to find ways around these things, hence the fact that it is a social problem.
Education is key, but so far has proven to be impractical. Does anyone have any ideas for solutions (violence works, but is illegal in most civilized nations, so we need to be creative in a different way)?
P.S.: Challenge/Response systems are not the answer because they are, essentially, fighting abuse with abuse.
> ... http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3257 Date? 2005-10-17
> ... http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2490 (and 2492, both with sendmsg) Date? 2005-09-09
> ... http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1768 Date? 2005-07-11 ...
Oh well, once every month or two isn't as bad as weekly. Hopefully people will be just as forgiving of this Linux track record that you provided as they are of Microsoft's track record with the security holes in Windows.
Swiss cheese and wine, anyone?
> ... I'm more scared of the Windows security track record.
There are many support groups for folks like you -- check your local papers for WUGs (Windows Users Groups).
> ... Now is as good a time as any to cut the Win 9x support cord.
But what about those users who couldn't make the move to Linux but also don't want to upgrade their hardware? Whatever will they do if they can't call Microsoft for Windows 98 support anymore?
Don't people use firewalls anymore?
When *nix becomes more mainstream, expect to see applications requiring root access "just to install" and the masses, who really REALLY want that new screen saver that plays movies (and advertisements, etc.) that get downloaded in the background, following the convenient step-by-step instructions to "install it properly the first time."
Once users get comfortable doing things like this a few times, this will open the floodgates for SpyWare vendors to prey on unsuspecting novice *nix users. Imagine that a SpyWare vendor renames key system files then installs their own that load the SpyWare code and proceed to load the renamed files normally, all to circumvent the security system and process lists entirely. If they're determined enough, you can count on those SpyWare vendors to find a way!
> ... With the free stuff, I just look at the name of the licence. I already
> know my rights and requirements for a fair few of these licences and I save
> time just knowing that I won't have to try and understand yet another
> licence in the closed source world.
Are you absolutely certain that the license is exactly the same as the one you read before? Are you completely confident that the name of the license is the best indicator that you're dealing with exactly the same license?
One of the problems I've observed outside of the software industry is that when it comes time to sign a contract, the representatives I'm dealing with will often tell me "Oh, you don't need to read that, it's just a standard contract that everybody signs." When it comes to contract disputes in a court room, I doubt that phrases like "standard contract" or "standard language" could get any credibility since every contract is looked at as a custom agreement.
Lawyers at any corporation who take the time to read and comprehend every contract to determine specifically if staff should be permitted to install some software, regardless of whether they've read it before, are competent and doing their job properly. As an employee of the company working in a non-law capacity, you're doing your job properly by following these procedures (of course, I don't see a problem with clarifying things with the company's lawyers if you believe they've misunderstood the contract, and they'd be wise to consider your perspective seriously and objectively attempt to confirm the correct meaning).
> ... we now use a terra-cotta sleeping bunny key safe and feel much more secure.
You'd better change your company policies before the boss reads this, or you could be out of a job for releasing important trade secrets no matter how cute that bunny is!
I strongly recommend you research Novell's PKI solution -- it's integrated directly into Client32 (the network client software) for Windows, and the key, certificate, etc., are all stored in the Directory (formerly known as NDS {Novell Directory Services}, it was renamed to "eDirectory" quite a few years ago).
"NICI" and "Directory Services" and "NetWare" are the keywords which will be most helpful in your search for additional information on this subject.
So, there is hope for intelligence on television after all! This is one of the better shows on these days, and these days intelligence is a lost art on both television and radio (e.g., the real reason Howard Stern moved to satellite was probably mostly to get away from all the stupidity, government regulations, etc.).
I thought perpetual motion was impossible!
Is he a practicing Jedi Knight by any chance, or does he consider himself retired?
We build extra systems suitable for replacement as needed, and then either swap parts or replace the entire system as needed.
The main advantage to having these extra systems is that you have the opportunity to test backups by restoring to them as often as you like (the more frequent, the better).
Another advantage is that we can test updates, upgrades, and new software on the extra system and test it before implementing in the production environment.