The technical arms race will continue unless politicians and law enforcement join the battle with effective measures that work across national borders.
I'd say instead "The technical arms race will continue regardless of political efforts." How likely is it that you'll get harmony enough on the legislation in conjunction with capable enforcement the world over? The fact that virtually nothing has been done so far is something of an indication of how effective governance-based anti-spam efforts will be.
Spamhaus paints another picture, though, of an organization with some degree of ability to identify spammers (and thus hold them accountable via DNSBLs), but turn that sort of operation into a government entity and it will instantly grow far too sluggish to be effective. As it is, the Spamhaus SBL gets such relatively few hits that it's negligible. (Props to Spamhaus just the same.)
If there's a problem with email breakdown, more often than not it is a result of failure to comply with RFCs. Interestingly, RFCs can be looked at as yet another political way to address the problem. So far RFCs have been a little more egalitarian and meritocratic (at the same time) than what we normally consider governance, but in essence it is still collectively decided rules. (And RFCs haven't always been the right way to do things.)
The network is too porous to be something you can lock down by laws and policing. I take issue with using "genius" to describe a failure to see that.
No, the answer is nowhere near governmental enforcement. The answer is grassroots, and it is technical. Anyway, that's my opinion.
In what I'm told is a document being used by an ITU study group, the following rationale appears for a traceback facility requirement:
A political opponent to a government publishes articles putting the government in an unfavorable light. The government, having a law against any opposition, tries to identify the source of the negative articles but the articles having been published via a proxy server, is unable to do so protecting the anonymity of the author.
I suspect the domination struggle is a huge factor for many players. There are inherent pack mentality mechanisms at play in our brain and I bet that beating the crap out of another player or getting the crap beat out of you each have deep brain chemistry effects.
Maybe what the researchers are seeing is something related to that more than a superficial, "well, I can relax now" response.
I bet the Nemesis indicator exacerbates those effects.
Following the Code Red and Nimda attacks of 2001, Gates launched Microsoft's Trustworthy Computing initiative with a well-documented January 2002 memo urging Microsoft employees to refocus on ensuring security across the software giant's product line.
"The worms in 2003 showed there's a long way to go before Windows is secure, and [they] prompted Microsoft to refocus on improving security," Gartner analyst John Pescatore said in his report. "By 2005, Microsoft's server software products will be at or above the industry security average."
A couple times?
I'm sorry, I don't really keep up with Microsoft's reassurances. So I guess you're saying this is the post-2003-worms Refocus instance.
I have to say I haven't noticed any massive worm-related outages since 2003. Maybe an MS sysadmin can corroborate this?
Exactly. The other AC didn't seem to realize that some improvement is still improvement. "Won't work" is not the same thing as "won't help".
"A lot of the spambots deliberately target secondary mail servers..." A "lot" of spambots means not all of them, so some of the spambots will be thwarted by a non-functioning primary MTA. == benefit. But what about effect to legitimate MTAs? False positives are a serious concern.
The nolisting (not sure I like the name) website appears to have stats on spambots v. valid MTAs connecting to primaries v. secondaries, but it's hard to decipher. The best I can figure out is that there is a 3.5% gap in the "Primary only" category where valid MTAs might be falling through the cracks. A couple factors might mitigate or annihilate this percentage: DNSBL nonlisting isn't equivalent to being ham, and the testing methodology may have failed to capture later SMTP connections that would have put the sending MTA into the "Both MX" category.
Anyway, you'd expect reasonable MTAs to get this send-to-secondary aspect of the RFCs correct since primary failures just happen. I'll have to read up on the RFCs.
Oh, and here's something I just found:
Now, a neat trick is the script someone here (or in postfix land) sent to me, which knows whether the primary is up, and alters an SA score on the secondary based on this condition. If the primary is alive, and you send mail to the secondary, an additional x points are tacked on. If the primary is dead, they aren't tacked on.
What Frizzle Fry said. And plus you don't need to clear the command line; don't output the information in the first place:
map <silent> <F4> :set hlsearch!<CR>
Yep, outdated. Mostly, anyway.
After I got a spare 120 GB drive I decided that it was time to go lossless with the whole collection. That was in 2002. Having a small collection helped with that thinking. Now my collection is 800 albums, 7500 tracks, 194 GB. It's still growing, but so is my available disk space. Advancing storage capacity (and speed) just continues to make lossless easier.
Lossy compression formats are still valuable for portable music players. At least for the next five years. Then I don't know how they'll be useful.
Just wow.
And on page 8 of the arXiv PDF, "Composite steganalyzers", it says explicitly that the capacity of the composite channel (using multiple steganalyzers) is less than that of channels using any one of the analyzers alone.
KFC at the arXiv blog got it wrong and the /. eds passed it on.
Maybe there's a hidden message in the mistake?
Probably not.
C is an antique language...
Unix is an antique OS...
?
The goal is also speed. Don't throw the baby out with the bathwater.
Remember the LinuxWorld open source voting demonstration? It only just happened in August.
They were able to tally on the fly, and still perform a paper audit later.
Try to do that with a pure-paper system.
It's been done.
http://www.openvoting.org/
Now please go and support them.
Outlawing something doesn't stop it.
To prosecute, you have to catch. A cooperative government isn't necessarily a capable one.
And botnets are only one route.
Actually, this is pretty clever.
If not actually feasible.
Doh!
In what I'm told is a document being used by an ITU study group, the following rationale appears for a traceback facility requirement:
... <loss for words>
The weirdness has already begun if 9:00 to 18:00 Zurich Time is 2:00 to 10:00 CDT.
Wait wait... what?
Encrypt the cookie data with the site's private key? ... So that holders of the site's public key can decrypt the contents of the cookie? Which would be everyone?
But maybe you meant encrypt the cookie data with the site's public key, so that only the site can decrypt it. That would make more sense. But, still, that doesn't work.
See, you'll be sending something over HTTP to the site in question. Let's say it's a secret message that only the site can decrypt, per your proposal. That does not prevent anyone else from sending the same secret message. I don't have to be able to decrypt the secret cookie to snoop, copy, then send the secret cookie.
One's next inclination may be to find a way to make sure that others can't send the same secret cookie. Perhaps some kind of authentication. I think things start to get a little complex this way. Why not just have the site serve the cookie with "Secure;" in the string?
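The replay problem described in the comment above, as an added example that is not part of the original post: a toy keystream cipher stands in for the proposed cookie encryption, and a small browser model shows what the `Secure` attribute changes. All names here (`encrypt_cookie`, `site_accepts`, `seen_by_sniffer`, the `alice` account) are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

SITE_KEY = secrets.token_bytes(32)   # constructed: known only to the site
KNOWN_USERS = {"alice"}              # constructed sample account

def _xor(data, nonce):
    # Toy keystream cipher standing in for "only the site can decrypt this".
    stream = b""
    while len(stream) < len(data):
        block = len(stream).to_bytes(4, "big")
        stream += hmac.new(SITE_KEY, nonce + block, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_cookie(user):
    nonce = secrets.token_bytes(8)
    return (nonce + _xor(user.encode(), nonce)).hex()

def site_accepts(cookie_value):
    # The site decrypts whatever it is handed; it cannot tell who sent it.
    raw = bytes.fromhex(cookie_value)
    user = _xor(raw[8:], raw[:8]).decode(errors="replace")
    return user if user in KNOWN_USERS else None

def set_cookie_header(value, secure):
    cookie = SimpleCookie()
    cookie["session"] = value
    if secure:
        cookie["session"]["secure"] = True
    return cookie["session"].OutputString()

def seen_by_sniffer(set_cookie, scheme):
    # Models a browser request plus a passive observer on the network path.
    name_value, *attrs = [p.strip() for p in set_cookie.split(";")]
    if "secure" in (a.lower() for a in attrs) and scheme != "https":
        return None                       # browser withholds a Secure cookie
    if scheme == "https":
        return None                       # sent, but inside TLS
    return name_value.split("=", 1)[1]    # cleartext HTTP: value is copyable

def replay_outcome(secure):
    # Observer copies whatever crosses plain HTTP and presents it to the site.
    header = set_cookie_header(encrypt_cookie("alice"), secure)
    captured = seen_by_sniffer(header, "http")
    return site_accepts(captured) if captured else None
```

Without `Secure`, the copied ciphertext is accepted as `alice` even though the observer never decrypted it; with `Secure`, the cookie never crosses plain HTTP, so there is nothing to copy.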
Thanks for your clarification.
This is basically what I gathered from reading the author's description, but it was so poorly written that it left me wondering.
I'm surprised there hasn't been mention of Bathsheba's work, "exploring how math, science and sculpture meet".
Yeah. They kind of missed that critical component.
It's brutal, huh? The system needs fixing.
http://psychologytoday.com/articles/pto-19950901-000020.html
That doesn't help anybody.
Ha.
I understand what you mean about it being a personal experience with ball lightning, but he has a (technical) point.
Wish I'd seen it. I bet it's an inspiring sight.
Exactly.
Perhaps eBay is the appropriate way to monetize on this kind of research.
I'm joking. Quit agreeing.
Cheers and geronimo.